Bug 706775 – openvpn plugin doesn't support 'keysize' option => not able to connect

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 706775 - openvpn plugin doesn't support 'keysize' option => not able to connect


Summary:	openvpn plugin doesn't support 'keysize' option => not able to connect


Status:	RESOLVED FIXED

Product:	NetworkManager
Classification:	Platform
Component:	VPN: openvpn
Version:	0.9.8
Hardware:	Other Linux

Importance:	Normal major
Target Milestone:	---
Assigned To:	NetworkManager maintainer(s)
QA Contact:	NetworkManager maintainer(s)

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2013-08-26 01:13 UTC by Steve Warren
Modified:	2013-09-11 07:07 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
This one works with openpvn --config from cli (586 bytes, application/octet-stream) 2013-08-26 01:13 UTC, Steve Warren	Details
Broken config from nm-applet (586 bytes, text/plain) 2013-08-26 01:21 UTC, Steve Warren	Details

Description Steve Warren 2013-08-26 01:13:17 UTC

Created attachment 253083 [details]
This one works with openpvn --config from cli

I have tried to import the attached config file for openvpn with nm-applet, but the saved config ends up broken. Following is the broken config from nm-applet and I attached the working config.


[connection]
id=proxpn
uuid=df43e0e5-31b1-4b7b-9a4a-846ce47b11df
type=vpn

[vpn]
service-type=org.freedesktop.NetworkManager.openvpn
connection-type=password-tls
password-flags=3
remote=miami.proxpn.com
cipher=BF-CBC     #missing keysize 512 line after this line
proto-tcp=yes
comp-lzo=yes
reneg-seconds=0
cert-pass-flags=0
port=443
tunnel-mtu=1500
mssfix=yes
username=warrensg2001@gmail.com
cert=/home/steve/Documents/MacOSX/config/ssl/client.crt
ca=/home/steve/Documents/MacOSX/config/ssl/ca.crt
key=/home/steve/Documents/MacOSX/config/ssl/client.key
               # missing verb 4 line
               # missing mute 5 line
[ipv4]
method=auto


The missing lines keep me from connecting to my vpn service with openpvn. While the offer pptp connections I would rather use the more secure openpvn connections. Please fix.

Comment 1 Steve Warren 2013-08-26 01:21:55 UTC

Created attachment 253084 [details]
Broken config from nm-applet

Comment 2 Jiri Klimes 2013-09-09 12:37:15 UTC

The 'verb' and 'mute' options are just used for logging.

The option that probably breaks the connectivity is the 'keysize' option, setting non-default key size for Blowfish cipher key. Even if changing key sizes is not recommended, we should support it not to fail for servers that changes the size.

I've written a patch to support '--keysize' option in NM plugin. NM devels, please review it in jklimes/bgo706775-keysize.
https://git.gnome.org/browse/network-manager-openvpn/log/?h=jklimes/bgo706775-keysize

Comment 3 Thomas Haller 2013-09-09 13:30:51 UTC

The patches look good to me

Comment 4 Dan Williams 2013-09-10 14:40:58 UTC

Looks good to me too.

Comment 5 Jiri Klimes 2013-09-11 07:07:04 UTC

Applied to master: 3d10af0947ed6eb02d9812b120a33508d68c7b86